We’ve talked about phishing before and why it is important to recognize phishing scams. Phishing is when a scammer sends you an email purporting to be from a legitimate service, or leads you to a website imitating a legitimate one, and you are encouraged to enter your username and password, credit card information, or other sensitive data. The scammer happily saves that data and uses it to log into your sites and hack them from within, use your credit card, sell your data, and so on.
Phishing can be used for various types of scams – it is the easiest way for a hacker to gain access to your sensitive data. The best way to protect your organization is by learning to recognize phishing scams and avoid them.
Jigsaw by Google explains more about phishing scams here. Google has provided an educational quiz where you can test your skills and learn more about how to avoid phishing scams.
These tips can help you recognize phishing scams and protect yourself from a phishing attempt:
- Were you expecting the email?
- Do you know the sender?
- Were you expecting the sender to send you a link or an attachment?
- Does the email use specific language (“Here is the 2019 Financial Report you requested”) or general language (“Here is the document you requested”)?
- Grammar and spelling used to be a tip-off, and still are to some extent. But scammers are getting smarter, so don’t rely on this one exclusively.
- Hover your mouse over the link to see where it goes. Is it a legitimate address? (If the link goes to something like google.login.ru.com, it’s NOT legitimate.)
- Better yet, don’t click on links in emails; instead, type the link into your browser’s address bar.
- If you still aren’t sure, contact your trusted web developer or other trusted IT personnel and ask their opinion.